Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment At least it's good to know FB has priorities (Score 2) 293

They're only permitting the naughty-bits of human bodies in settings "generally recognized as art." It's just so much more dangerous to society to see the image of a female nipple or other male/female naughty-bits than it is to see live-streamed images of graphic violence. (Notwithstanding the fact that we all have those same bits ourselves, simply covered by clothing.)

I'm not advocating anything-goes - I'm not sure what I'm advocating. But I know something is out of balance, here.

Submission + - Android KeyStore Encryption Scheme Broken (

msm1267 writes: The default implementation for KeyStore, the system in Android designed to store user credentials and cryptographic keys, is broken, researchers say.

In a an academic paper published this week, researchers argue that the particular encryption scheme that KeyStore uses fails to protect the integrity of keys and could be exploited to allow an attacker to modify stored keys through a forgery attack.

KeyStore, which performs key-specific actions through the OpenSSL library, allows Android apps to store and generate their own cryptographic keys. By storing keys in a container, KeyStore makes it more difficult to remove them from the device.

Mohamed Sabt and Jacques Traoré, two researchers with the French telecom Orange Labs, claim the scheme associated with the system is "non-provably secure," and could have "severe consequences."

The two point out in their paper "Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore," that it's the hash-then-encrypt (HtE) authenticated encryption (AE) scheme in cipher block chaining mode (CBC) in KeyStore that fails to guarantee the integrity of keys.

Comment Re:Hillary concerned about legitimacy ? (Score 1) 801

I haven't seen anyone who publishes acting as Hillary's lap dog, lately. Perhaps government functionaries seem to be acting that way, but certainly not anyone who puts anything in the press or online. The only good things I've seen printed about her character have been niche liberal postings, but certainly nothing in mainstream press and nothing in the more visible online.

Submission + - String Theorist Makes Intellectual Property Claim to Suppress Critical Paper (

An anonymous reader writes: Sabine Hossenfelder at the blog Backreaction has this curious story of a new paper which makes an experimental test of the "multiverse" in string theory: "In a recent paper, William Kinney from the University at Buffalo put to test the multiverse-entanglement with the most recent cosmological data. The brief summary is that not only hasn’t he found any evidence for the entanglement-modification, he has ruled out the formerly proposed model for two general types of inflationary potentials... Much to my puzzlement, his analysis also shows that some of the predictions of the original model (such as the modulation of the power spectrum) weren’t predictions to begin with...To add meat to an unfalsifiable idea that made predictions which weren’t, one of the authors who proposed the entanglement model, Laura Mersini-Houghton, is apparently quite unhappy with Kinney’s results and tries to use an intellectual property claim to get his paper removed from the arXiv. I will resist the temptation to comment on the matter and simply direct you to the Wikipedia entry on the Streisand Effect. Dear Internet, please do your job."

Comment Re:Lies from Spies (Score 2) 312

Gee, you've completely missed Russia and China. Of course both of those nations would probably applaud such a move on the part of the US, because it makes pursuing their desires easier.

It's time to remember the classification of encryption as a weapon, and invoke our second amendment rights, "If encryption is outlawed, only outlaws will have encryption."

Comment Re:All Electric? Cool! (Score 3, Interesting) 130

My impression is that satellites have been using this as part of their attitude control for quite some time. More specifically, they have gyros that they use to change the attitude. Periodically the gyro gets near the limits of what they can do. When that happens, they reset the gyros back to a neutral setting, and offset that with a matching torque against the Earth's magnetic field so the attitude remains constant.

The gyros can move the satellite faster and more easily than the magnetic torquing system, so that's what's used for normal attitude control.

Submission + - LIGO detects another black hole crash, more gravitational waves (

sciencehabit writes: The biggest discovery in science this year—the observation of ripples in space-time called gravitational waves—was no fluke. For a second time, physicists working with the two massive detectors in the Laser Interferometer Gravitational-Wave Observatory (LIGO) have detected a pulse of such waves, the LIGO team reported on 15 June at a meeting of the American Astronomical Society in San Diego, California. Once again the waves emanated from the merger of two black holes, the ultraintense gravitational fields left behind when massive stars collapse into infinitesimal points. The new observation suggests that after fine-tuning, LIGO will spot dozens or even hundreds of the otherwise undetectable events each year.

Submission + - Made in Space company studies making asteroids into spacecraft for NASA (

MarkWhittington writes: It is no secret that asteroid mining has passed from science fiction to something that both NASA and private industry are dreaming about as a killer app to opening up the high frontier of space. According to Space.coma, a company called Made in Space, with a $100,000 study contract from the space agency, is looking for a way to seize asteroids and turn them into spacecraft that would fly to mining stations, say in cis-lunar space or perhaps in Mars orbit. They would be stripped of resources that wo

Submission + - E Ink goes full-color (

SkinnyGuy writes: The reflective display company finally figured out how to make those ultra tiny balls produce 32,000 colors in one super-low-powered display. It's a breakthrough for E Ink, display advertising and, maybe someday, e-readers and digital photo frames.

Submission + - Asl Slashdot: How Hard Is It To Have a Smart Home That's Not 'In The Cloud'? 1

An anonymous reader writes: It's beginning to seem like everything related to home (and much other) automation is basically remote control 'in the cloud' feeding information about you to somebody's advertising system. In principle, this should not be the case, but it is in practice. So how hard is it, really, to do 'home automation' without sending all your data to Google, Samsung, or whoever — just keep it to yourself and share only what you want to share? How hard would it be, for instance, to hack a Nest thermostat so it talks to a home server rather than Google? Or is there something already out there that would do the same thing as a Nest but without 'the cloud' as part of the requirement? Yes, a standard programmable thermostat does 90% of what a Nest does, but there are certain things that it won't do like respond to your comings and goings at odd hours, or be remotely switchable to a different mode (VPN to your own server from your phone and deal with it locally, perhaps?). Fundamentally, is there a way to get the convenience and not expose my entire life and home to unknown actors who by definition (read the terms of service) do not have my best interest in mind?

Submission + - Implication of Bayesian reasoning in some mental disorder cases (

Taco Cowboy writes: Bayesian theorem describes the probability of an event, based on conditions that might be related to the event, but in specific mental disorders the slightest 'misses' of Bayesian guesses lead into dangerous conclusions after inner amplifying loops

People have assumptions about the world, which are either inborn or learned early in life. For example:
Light comes from above
Noses stick out
Objects move slowly
Background images are uniformly colored
Other people’s gazes are directed at us

From within the dark confines of the skull, the brain builds its own version of reality. By weaving together expectations and information gleaned from the senses, the brain creates a story about the outside world

Guesses just slightly off — like mistaking a smile for a smirk — rarely cause harm. But guessing gone seriously awry may play a part in mental illnesses such as schizophrenia, autism and even anxiety disorders

Experiments guided by Bayesian math reveal that the guessing process differs in people with some disorders

People with schizophrenia, for instance, can have trouble tying together their expectations with what their senses detect. And people with autism and high anxiety don’t flexibly update their expectations about the world, some lab experiments suggest. That missed step can muddy their decision-making abilities

Given the complexity of mental disorders such as schizophrenia and autism, it is no surprise that many theories of how the brain works have fallen short

Current explanations for the disorders are often vague and untestable. Against that frustrating backdrop, great promises are embedded in a strong mathematical theory, one that can be used to make predictions and may actually be able to test them

Bayesian reasoning may be new to the mental illness scene, but the math itself has been around for centuries. First described by the Rev. Thomas Bayes in the 18th century, this computational approach truly embraces history: Evidence based on previous experience, known as a “prior,” is essential to arriving at a good answer, Bayes argued

He may have been surprised to see his math meticulously applied to people with mental illness, but the logic holds

To make a solid guess about what’s happening in the world, the brain must not rely just on current input from occasionally unreliable senses. The brain must also use its knowledge about what has happened before. Merging these two streams of information correctly is at the heart of perceiving the world as accurately as possible

For example, this image — — for ordinary people hollow face on the right looks 'protruding', but the same hollow face won't fool those who are infected with schizophrenia

The way the brain combines incoming sensory information with existing knowledge may also be different in autism, some researchers argue. In some cases, people with autism might put excess weight on what their senses take in about the world and rely less on their expectations

Distorted calculations — and the altered versions of the world they create — may also play a role in depression and anxiety, some researchers think. While suffering from depression, people may hold on to distorted priors — believing that good things are out of reach, for instance. And people with high anxiety can have trouble making good choices in a volatile environment, neuroscientist Sonia Bishop of the University of California, Berkeley and colleagues reported in 2015 in Nature Neuroscience

Scientists can’t yet say what causes this difficulty adjusting to a new environment in anxious people and in people with autism. It could be that once some rule is learned (a sequence of computer keys, or the link between a shape and a shock), these two groups struggle to update that prior with newer information

Math may be able to help clarify mental illnesses in a way that existing approaches can’t, by demystifying psychiatric disorders

By treating the brain as a Bayesian number cruncher, it might lead to a more rigorous understanding of mental illness

Scientists hope that a deeper description of mental illnesses may lead to clearer ways to identify a disorder, chart how well treatments work and even improve therapies. Cognitive behavioral therapy could help depressed people recalculate their experiences by putting less weight on negative experiences and perhaps breaking out of cycles of despondence

Beyond these potential interventions, simply explaining to people how their brains are working might ease distress

“If you can give people an explanation that makes sense of some of the experiences they’ve had, that can be a profoundly helpful thing. It destigmatizes the experience”

Submission + - EPA's Ties to Monsanto Could Be Disastrous for the US (

walterbyrd writes: Dozens of papers cited in the retracted EPA report on glyphosate are "unpublished regulatory studies," meaning that they weren't peer-reviewed and it's unclear how the data was collected or tested. As Nathan Donley with the Center for Biological Diversity wrote in a press release, "The EPA's analysis relied heavily on industry-funded studies that have not undergone public scrutiny, while the WHO used publicly available research for its analysis."

Submission + - Aphantasia - not having a mind's eye. (

hamster_nz writes: Picture something in your mind's eye — maybe a face of a loved one. Mozilla founder Blake Ross can't — and nor can I. When I close my eyes and all I see is the dark inside of my eyelids — apparently most of you don't, and can 'see' mental images of anything you think of!

Although talked about in the late 1880s but has remained largely unstudied until the last year it has been given the name — 'Aphantasia'. I guess that explains my love of non-fiction and technology... and my complete apathy towards Lord of the Rings.

I wonder if it is common among Slashdot readers? Does not requiring a 'mental canvas' have any implication for machine learning and AI?

Submission + - Banking-grade authentication for all 1

ymenager writes: For a long while I’ve been quite frustrated with the IT authentication available.

1) Most authentication solutions available have proven themselves to be very weak and especially vulnerable to social engineering and advanced malware deployed by cybercriminals (banks lose millions daily due to cyber-theft, even those using “best practice” solutions)

2) Most solutions deployed are based on a “one-size-fits-all” model. This model however is not very good, because each person will have a different willingness to trade off convenience for security depending on the stakes of what they’re trying to protect. For example if you have two bank accounts, one with a small amount of money and another with all your life savings, most people would be willing to suffer extra inconvenience in order to guarantee that all their life savings are protected from cyber-criminals.

3) Most “advanced” authentication technologies are “corporate priced” and completely unaffordable for typical small businesses or websites that have non-paying users (which is the majority of websites out there).

4) Most technologies neglect account recovery, leaving major holes in their security. For example we’re told that “Secured by Visa” would improve your credit card security by protecting with a password, however a hacker can use the account recovery to bypass the password step, only by knowing the user’s date of birth (which is much less “secret” than a password, and often easy to find from social networks or using social engineering).

This led me to create IDVKey, a banking-grade mobile and cloud authentication solution that:

- Provides a very high level of security, in fact better than most banks currently have available for their customers (talking from experience as I’ve spent the last 5 years designing crypto/security solutions in the banking industry).
- Is an “authentication Swiss army knife” that covers all authentication needs.
- Allows the user to take control of their security/convenience balance.
- Is affordable by everyone.

Its primary feature is a secure real-time notification mechanism that allows the user to easily authenticate and approve any sensitive operation using their mobile device (aka out-of-band authentication).

This short video demonstrates how that works

On top of that we’ve added "legacy support” in the form of Google authenticator (TOTP/HOTP) compatible one-time-passwords, as well as a Password manager.

We’re providing various ways for the user to customize security to fit their needs. For example using the ability to set different security levels that are secured by different unlock mechanisms.

For example if you could setup your app to be able to:

- Authenticate with your social network website without needing to unlock the app
- Require a PIN to access most of your other normal website/services
- Require a long password and fingerprint to authenticate with your online bank.

Account recovery is designed to be highly customizable. You will able to specify different recovery mechanisms each with a specific delay.

After the user approves account recovery using one of those methods, the recovery will only be processed after that delay giving the user the chance to identify and abort any fraudulent recovery attempts.

IDVKey is now on open beta, and you can request access on it’s website (please note not all the features described above are currently available in the beta but will released in the near future).

Integration with your website/service can be easily done using our REST API, and we provide extensive documentation in our dev support pages

We also provide various SDKs and examples in order to make integration easier (we currently provide a Java SDK and website example, and will be adding PHP soon).

Slashdot Top Deals

If it is a Miracle, any sort of evidence will answer, but if it is a Fact, proof is necessary. -- Samuel Clemens